marquimvfs
Member
On Nov 12, 2019, VUSec disclosed TSX Asynchronous Abort (TAA), a new speculation-based vulnerability in Intel CPUs as well as other MDS-related issues, as described in their new RIDL (Rogue In-Flight Data Load) addendum. They also claim that, in reality, this is no new vulnerability. According to them, they disclosed TAA (and other issues) as part of the original RIDL submission to Intel in Sep 2018. Unfortunately, the Intel PSIRT team missed the submitted proof-of-concept exploits (PoCs), and as a result, the original MDS mitigations released in May 2019 only partially addressed RIDL.
At the request of Intel, the following details on the original RIDL/MDS disclosure date were withheld:
- TSX Asynchronous Abort (TAA). Intel's TSX hardware feature can be used to efficiently mount a RIDL attack even on allegedly non-vulnerable CPUs (with hardware mitigations).
- Alignment faults. These can be used to trigger an exception, giving an attacker yet another way of leaking data. This attack vector seems to be fixed in the latest generation of Intel CPUs.
- Flawed MDS mitigation. The initial mitigations against MDS clear the buffers by writing stale, potentially sensitive, data into these buffers, allowing an attacker to leak information despite mitigations being enabled.
- The RIDL test suite. We can now release the RIDL test suite at https://github.com/vusec/ridl.
They also attack Intel's lack of transparency, and claim that the fixes published by the company weren't effective and this was never stated by the company. It's also disclosed that, even if in theory an antivirus software could block the attack, the same is unlikely in practice. However, an antivirus software may detect malware which uses the attack by comparing binaries after they become known.
More on the source: https://mdsattacks.com/#ridl-ng
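Since the post's point is that a machine can report "mitigated" for MDS while still being exposed through TAA, the practical defender check is to read what the running kernel says about each issue separately. The script below is an added example, not code from the post, from VUSec, or from Intel. It reads the real Linux interface /sys/devices/system/cpu/vulnerabilities/ (one text file per issue, "mds" and "tsx_async_abort"); the string matching it applies to those files, and the sample status values it constructs for the offline demo, are assumptions based on the kernel's documented wording, not something taken from the post.

```python
"""Check the Linux kernel's reported MDS / TAA mitigation status.

Added example (not from the forum post or from VUSec). Linux exposes the
kernel's own assessment of each CPU vulnerability as one text file per issue
under /sys/devices/system/cpu/vulnerabilities/. The parsing below is an
assumption about the documented wording of the "mds" and "tsx_async_abort"
files: a value starting with "Not affected" or "Mitigation:" is treated as
covered, and one starting with "Vulnerable" as uncovered.
"""
import os
import tempfile

SYSFS_VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"
ISSUES = ("mds", "tsx_async_abort")


def classify(status: str) -> str:
    """Map one sysfs status line to 'ok', 'vulnerable' or 'unknown'."""
    s = status.strip()
    if s.startswith("Not affected") or s.startswith("Mitigation:"):
        return "ok"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(issue: str, base_dir: str = SYSFS_VULN_DIR) -> str:
    """Return the raw status line for one issue, or '' if the file is absent
    (a kernel that predates the TAA fix has no tsx_async_abort entry)."""
    path = os.path.join(base_dir, issue)
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read().strip()
    except FileNotFoundError:
        return ""


def audit(base_dir: str = SYSFS_VULN_DIR) -> dict:
    """Audit every issue in ISSUES. A missing file counts as 'unknown': the
    kernel cannot vouch for a mitigation it does not know about, which is
    exactly the MDS-mitigated-but-TAA-exposed situation the post describes."""
    result = {}
    for issue in ISSUES:
        raw = read_status(issue, base_dir)
        result[issue] = (classify(raw) if raw else "unknown", raw)
    return result


def demo_with_constructed_sysfs() -> dict:
    """Run the audit against a constructed directory that mimics the sysfs
    layout so the example runs offline on any OS. The two status strings
    are constructed samples in the kernel's documented format."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "mds": "Mitigation: Clear CPU buffers; SMT vulnerable",
            "tsx_async_abort": "Vulnerable: Clear CPU buffers attempted, no microcode",
        }
        for issue, text in samples.items():
            with open(os.path.join(tmp, issue), "w", encoding="utf-8") as fh:
                fh.write(text + "\n")
        return audit(tmp)


if __name__ == "__main__":
    # On a real Linux host this reads the live sysfs entries; elsewhere every
    # issue comes back 'unknown' because the directory does not exist.
    for issue, (verdict, raw) in audit().items():
        print(f"{issue:16} {verdict:11} {raw or '(no sysfs entry)'}")
```

The verdict is the kernel's, not an independent measurement: "Mitigation: Clear CPU buffers" only tells you the kernel is issuing the buffer-clearing sequence, not whether the microcode behind it is the initial version the post says was flawed. Treat an "unknown" for tsx_async_abort as a finding in its own right, since it means the kernel is too old to know about TAA at all.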